legacy: Addition of sepolicy for cvphal

Cvp is a new computer vision hardware which interacts with DSP and video driver. Adding new ion mem permission for cvp domains. Change-Id: I6c2118b15cf5ccc6505c80969c4090e3396238e4
2019-01-21 13:49:53 +05:30 · 2019-01-21 13:49:53 +05:30 · 15e89b71a3
commit 15e89b71a3
parent eb09d56206
5 changed files with 65 additions and 0 deletions
--- a/legacy/vendor/common/attributes
+++ b/legacy/vendor/common/attributes
@ -137,3 +137,7 @@ attribute hal_capabilityconfigstore_qti_server;
 attribute hal_limits;
 attribute hal_limits_client;
 attribute hal_limits_server;
+
+attribute hal_cvp;
+attribute hal_cvp_client;
+attribute hal_cvp_server;
--- a/legacy/vendor/common/file_contexts
+++ b/legacy/vendor/common/file_contexts
@ -338,6 +338,7 @@
 /(vendor|system/vendor)/bin/tloc_daemon         u:object_r:tlocd_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.factory@1\.[0-1]-service  u:object_r:vendor_hal_factory_qti_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.servicetracker@1\.[0-2]-service u:object_r:vendor_hal_srvctracker_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.cvp@1\.0-service             u:object_r:vendor_cvp_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer@1\.0-service   u:object_r:hal_graphics_composer_default_exec:s0
--- a/legacy/vendor/common/hal_cvp.te
+++ b/legacy/vendor/common/hal_cvp.te
@ -0,0 +1,58 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_cvp, domain;
+type vendor_cvp_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_cvp)
+
+hal_server_domain(vendor_cvp, hal_cvp)
+
+add_hwservice(hal_cvp_server, hal_cvp_hwservice)
+
+allow hal_cvp_client hal_cvp_hwservice:hwservice_manager find;
+
+binder_call(hal_cvp_client, hal_cvp_server)
+binder_call(hal_cvp_server, hal_cvp_client)
+
+r_dir_file(vendor_cvp, adsprpcd_file)
+
+#  Access for ion memory
+allow vendor_cvp ion_device:chr_file rw_file_perms;
+
+#  Access for DSP/QDSP device
+allow vendor_cvp qdsp_device:chr_file rw_file_perms;
+allow vendor_cvp dsp_device:chr_file rw_file_perms;
+
+#  Access for sdcard
+userdebug_or_eng(`
+allow vendor_cvp sdcard_type:dir rw_dir_perms;
+allow vendor_cvp sdcard_type:file create_file_perms;
+')
+
+# Access for video device
+allow vendor_cvp video_device:chr_file rw_file_perms;
--- a/legacy/vendor/common/hwservice.te
+++ b/legacy/vendor/common/hwservice.te
@ -50,6 +50,7 @@ type vendor_hal_qteeconnector_hwservice, hwservice_manager_type;
 type hal_esepowermanager_hwservice, hwservice_manager_type;
 type hal_voiceprint_hwservice, hwservice_manager_type;
 type vendor_hal_factory_qti_hwservice, hwservice_manager_type;
+type hal_cvp_hwservice, hwservice_manager_type;
 type hal_wigig_npt_hwservice, hwservice_manager_type;
 type hal_fstman_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_soter_hwservice, hwservice_manager_type;
--- a/legacy/vendor/common/hwservice_contexts
+++ b/legacy/vendor/common/hwservice_contexts
@ -85,6 +85,7 @@ com.qualcomm.qti.qcril.qcrilhook::IQtiOemHook                u:object_r:hal_tele
 vendor.qti.atcmdfwd::IAtCmdFwd                               u:object_r:vendor_hal_atfwd_hwservice:s0
 com.qualcomm.qti.imsrtpservice::IRTPService                  u:object_r:hal_imsrtp_hwservice:s0
 vendor.qti.hardware.factory::IFactory                        u:object_r:vendor_hal_factory_qti_hwservice:s0
+vendor.qti.hardware.cvp::ICvp                                u:object_r:hal_cvp_hwservice:s0
 vendor.qti.hardware.display.allocator::IQtiAllocator         u:object_r:hal_graphics_allocator_hwservice:s0
 vendor.qti.hardware.display.composer::IQtiComposer           u:object_r:hal_graphics_composer_hwservice:s0
 vendor.qti.hardware.soter::ISoter                            u:object_r:hal_soter_hwservice:s0